Hackers Compromising Routers and Networking Hardware Worldwide

U.S. and U.K. officials warned this Monday that hackers working on behalf of Russia’s government are compromising routers and networking hardware worldwide.

The routers, switches, firewalls and other network devices belong to businesses, governments and critical-infrastructure providers, officials said in a technical alert jointly issued by the U.S. Department of Homeland Security and FBI and the U.K’s National Cyber Security Center. Essentially, anyone online is a potential target if their software for network equipment has not been kept up-to-date and they have not changed default passwords.

The FBI said that it has “high confidence that Russian state-sponsored cyber actors are using compromised routers to conduct man-in-the-middle attacks to support espionage, extract intellectual property, maintain persistent access to victim networks, and potentially lay a foundation for future offensive operations”.

The officials said they had gained the intelligence from a range of sources, including “private and public-sector cybersecurity research organizations and allies” who had reported malicious activities to the U.S. and U.K. governments since 2015. The technical alert stated, “These operations enable espionage and intellectual property that supports the Russian Federation’s national security and economic goals.”

In a New York Times article, Howard Marshall, deputy assistant director of the FBI cyber division, warned the public, “Once you own the router, you own all the traffic, to include the chance to harvest credentials and passwords”. He added, “It is a tremendous weapon in the hands of an adversary.”

As the journalists for The New York Times noted, the joint effort appears to be an attempt to both alert individuals to the need to mitigate against hacking of this nature and to warn Russia against future attacks in part by threatening retaliation against Moscow if damage has been achieved.

“When we see malicious cyberattacks, whether from the Kremlin or other nation-state actors, we are going to push back,” Rob Joyce, the cybersecurity coordinator for the National Security Council, said. That would include “all elements of U.S. power available to push back against these kinds of intrusions,” he added, including “our capabilities in the physical world.”

Robert Hannigan, an executive with the cybersecurity company BlueVoyant and former director of GCHQ, the U.K’s intelligence and security organization, said: “We have found the Russians in routers and deep inside networks for 20 years. But this is about saying to the Russians, ‘We know where you are pre-positioned and if something happens, we will know it is you.’”